Hi, @Daniela. I do believe I have found the site in questions and I see it using a custom SSL certificate, not our automated certificates provided using the Let’s Encrypt service.

Everything appears to be correctly configured so I enabled the Let’s Encrypt certificate for this domain and I do show SSL working correct at this time.

It appears everything for the automated SSL certificates was already correctly configured. I’m only guessing but I think maybe you used the custom SSL certificate because the automated certificate wasn’t working.

Why didn’t it work before? Again, only guessing (as I could find no issues) but in the vast majority of cases it is because the time to live (TTL) values in the previous name server settings were causing those old records to remain in the DNS caches of various DNS servers. This would prevent the Let’s Encrypt provisioning with Netlify from working until they expired.

Please also know that, if the custom SSL certificate was working, I would not have made any changes. I only changed that setting because it wasn’t working so there seemed to be no downside to testing it. Had the existing SSL configuration been working, I would have double checked before making changes to it.

We do have a community topic which contains suggestions about how to make DNS changes to migrate domains to Netlify with little or no downtime:

The trick with migrating a live site is all in DNS timing .
Specifically, we can't get a new SSL certificate for your site until the Time To Live (TTL) value has expired from your old DNS values. The new DNS values for Netlify must first be in place and correct, and then issuing the certificate is a breeze!
Below are the steps to follow for a successful migration with minimal downtime. There are quite a few steps in this process, not gonna lie. But no worries, you got this. Take a read throu…

To summarize, all the configuration was done correctly and it looks like it was only that more time was required for the old NS records to expire.

The new Let’s Encrypt certificate will automatically renew each 90 days and, if there were any issues with those renewals, Netlify will email you in advance before the existing SSL certificate expire to give you a chance to correct any settings or use a different method for SSL (like the custom certificate method). Note, I don’t think there will be any issue with renewals for this SSL certificate; I’m just explaining that if there are issues you would know before the current certificate expired.

Thank you for your help and explanation! Enabling the Let’s Encrypt certificate was the only thing I did not try because I thought that as I have a custom one I’d just use it until it expires (in may next year). Probably my custom certificate is not supported by Netlify? It’s a positive SSL one

note: I don’t really mind using Let’s Encrypt. For what I need it for, is good enough. I just thought to use the other one as I have it already